Joomla! Discussion Forums

3 months of work, we were just official online.

We had alot of modules and so installed, event calendar, CB, JCE, BSQ Statistics, and more...
We were figuring it out, it started to work, we had the feeling we knew what we weer doing.

This evening we saw the message of Ultra turk, a member of a hack organisation, instead of our "baby".
We searched for a few things, visited a few websites about the group/hacker.
All links go to the turkisch community.

After a whiskey and some chips and salami ( i am on a diet since a few weeks!) we tried to restore everything coz for this reason we pay more for our place on the http://WWW... but nothing happend, Ultra Turk and his music, witch i started to hate by now, was still there. No beautifull restyled portal bleu anymore. No more users, no more links, no more news. But *thank you for the music* as abba would sing, a stupid song with an even more stupid picture.

Do i have a question, i hear you thinking?
Of course i have...
WHERE IS OUR WEBSITE?
Why isn't the restore working, we sure did pay for it...

AND what can we do to avoid this?
I understand by reading some security topics there is alot you need to do...?
When i started with joo

mla, the joomla portal said it was for "everyone" but now i see ultra turk instead of our website... AND am i gaining weight instead of loosing it for a hobby that is suposed to bring relaxation... Didn't think they ment that "everybody" could change my fav spot on that enormous WWW. Why http://www.phantoms.be ?

Can anyone tel me in short what this guy did?
What we didn't do?
What are the first... 20? things we need to do to avoid this?
We gonna ask someones help to set all the options right if we know where to start.

Kind regard,
Johan who needs another drink.

not sure about the backup restore, check with the hosting company, check to see if regiter globals is off, check your componenets to make sure they are secure and updated.

Thxs fot the quick reply!
All comp en mods are new, we installed them in the last month, soem are on the list of unsecure but alot are using them.
"check to see if regiter " ? Where can i find this?

Kind regards and thanxs again.

sorry check register_globals to see if they are on, again you can check with the hosting comapny, or search for turning register_globals off in the security forum.

Thxs, found in google how to do this.

Provider is contacted, we got a "ticket", answer wil follow within 24 hours...

Bey!

good deal

Joomla! will tell you if register_globals is on if you go to the Administrator -> System (menu) -> System Info page... You might have to look through the tabs that are there but it is there with the PHP information.

If ANY of your extenstions are on the unsecure list, then your site is unsecure. It doesn't really matter if many other sites use the same unsecure extentions. They too are in danger of getting cracked.

*confused*
As i already said, we must have used the latest versions, we are only working w/ joomla for 3 months, intensifly since 2.
I see like CB is in the list if you have an older version  but we must have had the latest, we always download from te original sites.
We tracked alot of them by this site.


How many % security has this tip i found here? no entrance = 100%?

Have you checked the folder permissions?
A webserver has a sophisticated system to control the read, write and execute permissions of its files. If you give to much access to your folders, your server gets vulnerable and can be hacked easily. Thats why you shouldn't give more than the standard 755 for folders and 644 for files. This is a number combination that represents a certain kind of read/write access. Basically you give full access to the owner of the file and only restricted access to others. The ownership is another problem and both are well discussed in the forum.

Many of the recent updates for these components have only been available for a month or less.  CB included, that was only updated about two weeks ago.

Thxs, we will check all versions B4 we install them OR when the provider could restore the site, we can't seem to do it ourself by the control panel of Dommel.

I see alot of sugestions around here but is this : http://forum.joomla.org/index.php/topic,81058.0.html complete?
If so i ask a collegue to set everything right...

It is pretty comprehensive, yes.  The most important things are PHP's register_globals = off, RG emulation = off (still debatable), file permissions being set correctly, and using the latest versions of everything (PHP, Apache, Joomla, Joomla extensions, etc.).

Thanxs guys to make us realise how dumb we are/where... 


Bey 4 now!

Euh...
Were back online, at least, a litle bit...

Our host restored a back up from an earlier date then the hack.
But now we don't see the site, only the message the site is temp offline and we can't sign-in to the admin as well, "page not found" instead of the log-in page.
What else do we need to do?
The database name seems OK in the configfile.
The host did mention they found an updated version of joomla online, we did reinstall a new version of joomla 1.0.7 after the hack and updated it to 1.0.10. The restore was done after the nstall and update. Do we need to change anything in the config file?
What must we do to get the site back online again?
We do have access to the site by filezilla/FTP...

Kind regards,
Johan.